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REMARKS 

Reconsideration and further examination are respectfully requested in view of the above 
amendments and below remarks. 

Rejections under 35 U.S.C. $103 

Claims 1-12 were rejected under 35 U.S.C. §103 as being unpatentable over Jari et al 
(U.S. Patent Pub. No. 2001/0020275A1, hereinafter 'Jari') in view of Mercer et al. (U.S. 
Publication No. 2003/00 18908A1, hereinafter 'Mercer'). 

Jari: 

Jari describes, in the Abstract: 

"...The security gateway 2 contains a CPU 4 having a volatile memory 5 in which is 
stored, among other things, a security association database for controlling secure 
communications between the network and external users. A controller 6 periodically stores the 
security association database in a disk memory 7 or other nonvolatile memory. When a 
restoration of power to the security gateway is detected following a power failure, the controller 6 
retrieves the latest security association database from the memory 7 and injects it into the volatile 
memory 5 whose contents were lost during the power failure. The security gateway 2 may then 
restore secure communication with external users...." 

At paragraph [0035] Jari describes: 

"...During normal operation of the security gateway 2, the current security association 
database in the volatile memory 5 is periodically stored in the disk memory 7 by the controller 6. 
This is illustrated in FIG. 2..." 



At paragraph [0037] Jari describes: 
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"...When power is restored and the security gateway 2 is operative again, the power 
supply detector 8 supplies a signal illustrated at 20 in FIG. 3 to generate another interrupt 21 for 
the data processor of the controller 6. At 22, the controller 6 retrieves the most recently stored 
SAD from the disk memory 7 and, at 23, decrypts the SAD using the latest private key which, for 
example, may be stored in the disk memory 7 in association with the SAD. The controller 6 may 
delete expired security associations from the SAD as illustrated at 24 before writing the SAD to 
the volatile memory 5 as shown at 25. Alternatively, the controller 6 may simply "inject" the 
whole SAD into the volatile memory of the CPU 4, which then deletes expired security 
associations. The SAD is thus restored with very little delay and allows the security gateway 2 to 
begin controlling secure communication between external users and the VPN 1 very quickly. The 
controller 6 then enters the wait mode as illustrated at 26 and awaits the next interrupt..." 



Thus Jari describes a system which backs up and restores an entire database of security 
associations. Jari is silent as to how the particular security associations are stored in the security 
associations database, but rather is directed solely at backing up and restoring the database. 



Mercer: 

Mercer describes a method for establishing a secure communication channel for 
information flow between two or more computers and a system for implementing the method in 
response to receiving a security association from one of the computers. [Mercer, Abstract] 

In particular, Mercer is concerned with reducing the calculation overhead and processing 
time associated with establishing and determining Security Associations for inbound IPSec 
traffic. [Mercer, paragraph 11] 

To overcome the problems of the prior art, Mercer assigns SPI values based on the 

memory location where the Security Association (SA) will reside. For example, as described at 

paragraph [0029] of Mercer: 

"... Each memory region in the memory storage device 514 is, as is generally known, 
indexed using a specific memory address value. In a preferred embodiment, each memory 
address value is 32-bits in length, which matches the standard bit length of an IPSec SPI value. 
Thus, the memory address value of the memory region that will store the SA structure is assigned 
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as the SPI value 312, 412 of the inbound SA (STEP 610). The IPSec hardware device 510 then 
writes the inbound SA structure to the assigned memory region for storage (STEP 612), and the 
IPSec memory management software passes the SPI value 312, 412 to the IKE software 
component 504 (STEP 614), which maintains its own SA tables. ... The computer 500, via the 
IKE software component 504, then transmits the assigned SPI value back to the computer that 
requested that the SA be established (STEP 616). The process then ends (STEP 618). .." 



As described at paragraph [0031] of Mercer: 

"...The present invention eliminates the need for elaborate and time consuming SAD table 
lookup algorithms, which result in costly memory access times and complex lookup hardware. 
The present invention allows high-speed and efficient inbound SA lookup without significantly 
impacting memory access bandwidth..." 



The Examiner alleges that Jari teaches several elements of the claim, but states, at page 4 
of the office action: 

"... Jari does not explicitly disclose 

wherein the set of security associations includes only the security associations for 
endpoint nodes that are trusted by the node; 

receiving, at the node, a communication from the endpoint node 

determining whether a security association for the endpoint node is included in the 
working set of security associations; 

responsive to a determination that the security association for the endpoint node is 
in the working set of security associations, using the security association to process the 
communication from the endpoint node..." 

However, in the field of endeavor Mercer discloses, 

wherein the set of security associations includes only the security associations for 
endpoint nodes that are trusted by the node; [paragraph 0025]... 

receiving, at the node [paragraph 0026 and paragraph 0030] ... a communication 
from the endpoint node... 

determining whether the security association for the endpoint node is included in 
the working set of security associations [paragraph 0026 and paragraph 0030]... 

responsive to a determination that the security association for the endpoint node is 
in the working set ... using the security association to process the communication from the 
endpoint node..." 

It would have been obvious to one of ordinary skill in the art ... to combine the features of 
including only the security associations for endpoint nodes that are trusted by the node; receiving 
at the node, a communication from the end point node; determining whether a security 
association for the endpoint node is included in the working set of security associations; and 
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responsive to a determination that the security association for the endpoint node is in the working 
set of security associations, using the security association to process the communication from the 
endpoint node as per teachings of Mercer into the method taught by Jari for the purpose of 
eliminating the need for elaborate and time consuming SAD/ security association databases 
lookup algorithms, which result in costly memory access times and complex lookup hardware 
[See Mercer, paragraph 0031]..." 

Applicants respectfully disagree. 

It is well known that "to establish a prima facie case of obviousness, three basic criteria 
must be met. First, there must be some suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the art, to modify 
the reference or to combine reference teachings. Second, there must be a reasonable expectation 
of success. Finally, the prior art reference (or references when combined) must teach or suggest 
all the claim limitations." [M.P.E.P. §2143] The combination of Jari with Mercer fails to satisfy 
this burden for at least the reasons provided below. 

No motivation can be found for the modification suggested by the Examiner 

"There are three possible sources for a motivation to combine references: the nature of the 
problem to be solved, the teachings of the prior art, and the knowledge of persons of ordinary 
skill in the art." In re Rouffet, 149 F.3d 1350, 1357, 47 USPQ2d 1453, 1457-58 (Fed. Cir. 1998). 
The Examiner states that one would be motivated to modify Jari using the teachings of Mercer to 
'eliminate the time consuming ... table lookup algorithms, which result in costly memory 
access...' 

Applicants respectfully disagree that Jari would be motivated to use the teachings of 
Mercer, as Jari does not address the issue of storing security associations in a database; rather, 
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Jari is concerned only with restoring the database in the event of the failure. As a result, there 
would be no benefit to Jari using the modification suggested by the Examiner. For at least the 
reason that no motivation can be found for the modification suggested by the Examiner, the 
rejection is overcome and should be withdrawn. 

Combination neither discloses of suggests the claimed invention 

To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. In re Royka, 490 F.2d 981, 180 USPQ 580 (CCPA 
1974). "All words in a claim must be considered in judging the patentability of that claim against 
the prior art." In re Wilson, 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). If an 
independent claim is nonobvious under 35 U.S.C. 103, then any claim depending therefrom is 
nonobvious. In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988). 
Independent claims 1 , 5 and 7: 

Independent claims 1, 5 and 7 each include limitations which are neither taught 
nor suggested by the combination of Mercer and Jari. In particular, each of the independent 
claims are directed to a method or apparatus which identifies trusted end points and maintains 
security associations only for trusted end-points. For example, claim 1 includes the step of 
"copying, responsive to a reset at the node, a set of security associations stored in a memory to a 
working set of security associations, wherein the set of security associations includes only the 
security associations for.. .a set of trusted endpoint nodes, the set of trusted endpoint nodes 
determined according to a security association re-use policy of the node..." Claim 5 recites the 
step of "...selectively storing an identifier of the endpoint on a trusted endpoint list according to a 
re-use policy of the node ..." Claim 7 recites the element of "a list of trusted endpoints, the list of 
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trusted endpoints being determined according to a security association re-use policy of the 
network device ..." 

No such structure is shown or suggested by the combination of Mercer and Jari. The 

Examiner states that Mercer teaches that the step of 'the set of security associations includes only 

the security associations for endpoint nodes that are trusted by the node...' is taught by Mercer at 

paragraph 0025. However, paragraph 0025 merely states: 

"... If the first 110 and second 1 14 gateway computers already share an IKE SA, 
then the IPSec SA can be created fairly quickly. If not, then an IKE SA must first be established 
before an IPSec SA can be established. To establish an IKE SA, the first 110 and second 1 14 
gateway computers exchange digital certificates, which have been digitally signed by a trusted 
third party certificate authority 115. Thereafter, when the IKE session becomes active, the first 
110 and second 1 14 gateway computers can establish the IPSec SA..." 

As best can be understood by the Applicant, it would appear that the Examiner is stating 
that any endpoint that communicates using an IPSec SA is a 'trusted' end point. Applicants have 
amended the claims to highlight that 'trusted end-points' of the claim are identified according to 
a security association re-use policy. 

The combination of Jari and Mercer does not distinguish between end-points when 
storing security associations; rather Mercer stores and restores the entire database of security 
associations. One advantage of identifying trusted end-points is described at page 9 of 
Applicant's specification, as 'The SA logic 32 takes advantage of the fact that certain endpoints 
are well known to each node. These endpoints are allowed a very fast but secure method to re- 
establish communications with the node in the event of a power failure..." Examples of such 
trusted end points are provided at pages 8-9, and include branch offices, telecommuters, etc. 
As described on page 9, line 5 'Re-use policies can also be flexible depending upon the amount 
of traffic the VPN is handling; for example, if the traffic load is light and not many users are 
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using the communications channels, the policy may specify that a full IKE exchange should be 
used in the event of a power down..." No such advantage may be realized by the combination of 
Mercer and Jari. 

Thus, for at least the reason that the combination of Jari and Mercer fails to describe or 
suggest every limitation of the claims, it is respectfully requested that the rejection under 35 
U.S.C. §103 be withdrawn and the claims allowed to issue. 

Dependent claim 2-4, 6 and 7-12 serve to add further patentable limitations to their parent 
independent claims and are allowable for at least the same reason as their parent claims. 

New claims 13-20 

Applicants have added new claims 13-20 which include further patentable limitations. 
For example, claim 13 recites "...The method according to claim 1 wherein the security 
association re-use policy controls the set of trusted endpoints to comprise fewer than all of the 
endpoints that securely communicate with the node..." As discussed at length above, no such 
structure is shown or suggested by the combination of Mercer and Jari, which backs up the entire 
security association data base. Dependent claims 16 and 18 recite similar limitations. Thus 
claims 13,16 and 18 are patentably distinct over the combination of Jari and Mercer. 

Claim 14 recites "...The method according to claim 1 wherein the security association re- 
use policy varies in response to network traffic..." Claims 17 and 19 recite similar limitations. 
For this additional reason, claims 14, 17 and 19 are patentably distinct over the combination of 
Jari and Mercer. 

Claim 16 recites "...The method of claim 1 wherein the security association re-use policy 
always selects identifiers associated fixed end points for inclusion in the trusted endpoint list..." 
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No such structure is shown or suggested by the combination of Jari and Mercer, and thus claim 
16 is patentably distinct over Jari in view of Mercer. 

Claim 20 recites "...The network device of claim 7 wherein the security association re -use 
policy includes end-points that request trusted status..." No such structure is shown or suggested 
by the combination of Jari and Mercer, and thus claim 20 is patentably distinct over Jari in view 
of Mercer. 



Applicants have made a diligent effort to place the claims in condition for allowance. 
However, should there remain unresolved issues that require adverse action, it is respectfully 
requested that the Examiner telephone Applicants' Attorney at the number listed below so that 
such issues may be resolved as expeditiously as possible. 

For these reasons, and in view of the above amendments, this application is now 
considered to be in condition for allowance and such action is earnestly solicited. 



Conclusion 
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